Privacy Policy

Last updated: April 2026

1. Controller

The controller responsible for data processing on this website is:

Spectroplast GmbH

Flössergasse 2

81369 München Germany

Email: info@spectroplast.com

Website: www.spectroplast.com

2. Scope of This Policy

This Privacy Policy explains how Spectroplast GmbH collects, uses, stores, and protects personal data when you visit our website (spectroplast.com), use our on-demand manufacturing platform, upload files, place orders, or communicate with us. It applies to all users in the European Union and beyond, in accordance with the General Data Protection Regulation (GDPR).

3. Data We Collect and Why

3.1 Website Visit and Analytics

When you visit our website, we collect technical data to analyze usage and improve performance. All analytics tools on this website are blocked by default and are only activated after you have given explicit consent via our cookie banner. No tracking of any kind occurs before consent is granted.

We use the following analytics tools:

Google Analytics 4 (GA4) Anonymized usage data including page views, session duration, and device type. GA4 is initialized in a fully denied state by default. Tracking is only enabled after you explicitly accept analytics cookies via our cookie banner. Data is processed by Google LLC (USA) under a Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs). Privacy Policy: https://policies.google.com/privacy

Vercel Analytics Performance monitoring for our website infrastructure. Analytics events are blocked by default and only transmitted after you grant consent. Data is processed by Vercel Inc. (USA) under SCCs. Privacy Policy: https://vercel.com/legal/privacy-policy

Microsoft Clarity User behavior analytics including heatmaps and session recordings to improve user experience. The Clarity script is not loaded at all until you grant analytics consent. Session recordings may capture interactions with page elements but are configured to exclude personally identifiable information. Data is processed by Microsoft Corporation (USA) under SCCs. Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement

Legal basis: Art. 6(1)(a) GDPR — consent. You may withdraw consent at any time via our cookie settings or your browser settings. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

3.2 Contact Forms

When you submit a contact form on our website, we collect:

  • Name
  • Email address
  • Company name
  • Your message

How your data flows: Your submission is processed in two ways simultaneously. First, it is forwarded to our internal team via Resend (Resend Inc., USA), a transactional email service that delivers your inquiry to our Outlook inbox. Second, it is stored as a record in our CRM system (Odoo). Both processors act under Data Processing Agreements.

Resend Privacy Policy: https://resend.com/legal/privacy-policy Odoo Privacy Policy: https://www.odoo.com/privacy

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to respond to your inquiry or take pre-contractual steps.

3.3 File Upload and Online Shop (3YourMind)

Our 3D file upload platform and on-demand manufacturing store is powered by 3YourMind. When you upload a file and create an account, we collect:

  • Name and surname
  • Email address
  • Company name and address
  • Billing and shipping address
  • Uploaded 3D files and associated specifications
  • Order history and transaction data

This data is necessary to process your order, manufacture your parts, and fulfill our contractual obligations. Data is processed by 3YourMind GmbH (Germany) under a Data Processing Agreement.

3YourMind Privacy Policy: https://www.3yourmind.com/privacy-policy

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

3.4 CRM and Order Management (Odoo)

When you express interest in a product or service, or order a product or service, we will store the information you submit in a customer account in our CRM database which contains your master data (name, address, account etc.). All communications, correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the (prospective) business relationship will then be stored in, or linked to, this customer account.

We will store and process your data on the one hand to perform the respective contractual relationship with respect to the products and services we deliver to you (legal basis for processing: Art. 6(1)(b) GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, in order to fulfill statutory documentation and document retention obligations (legal basis for processing: Art. 6(1)(c) GDPR).

We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified below. Otherwise customer data will be deleted after expiry of one year.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract and Art. 6(1)(f) GDPR — legitimate interest.

Odoo Privacy Policy: https://www.odoo.com/privacy

3.5 Email Communication (Resend / Odoo)

Transactional emails (order confirmations, shipping notifications, inquiry responses) are sent via Resend (Resend Inc., USA). Resend acts as a data processor under a Data Processing Agreement and Standard Contractual Clauses.

Marketing emails, where applicable, are managed via Odoo. You can unsubscribe at any time via the link included in every marketing email or by contacting info@spectroplast.com.

Resend Privacy Policy: https://resend.com/legal/privacy-policy

Legal basis:

  • Transactional emails: Art. 6(1)(b) GDPR — contract performance.
  • Marketing emails: Art. 6(1)(a) GDPR — consent.

3.6 Internal Tools

We use the following tools internally, which may process personal data (e.g., names, email addresses, project-related information) as part of normal business operations:

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in efficient business operations.

4. Cookies

Our website uses the following types of cookies:

Functional cookies — Necessary for basic website operation, including storing your cookie consent preference. These are set automatically and do not require consent.

Analytics cookies (GA4) — Set only after you explicitly accept via our cookie banner. These enable usage analysis via Google Analytics 4.

Microsoft Clarity — Loaded only after analytics consent is granted. Enables heatmaps and session recordings.

Vercel Analytics — Events are blocked until analytics consent is granted. No persistent cookies are set by Vercel Analytics.

You can manage or withdraw your consent at any time via the cookie settings link in the website footer, or via your browser settings.

5. Data Transfers Outside the EU

Some of our service providers are based outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for all such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data Processing Agreements (DPAs) with all processors.

Affected providers and transfer mechanisms:

ProviderCountryTransfer MechanismGoogle LLC (GA4)USASCCs + DPAMicrosoft (Clarity, 365)USASCCs + DPAVercel Inc. (Analytics)USASCCs + DPAResend Inc.USASCCs + DPAOdoo S.A.Belgium (EU)GDPR applies directly3YourMind GmbHGermany (EU)GDPR applies directly

6. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contact inquiries: Up to 3 years after last contact.
  • Order and customer data: 10 years (German statutory accounting obligations under HGB).
  • Analytics data: GA4 max. 14 months (configured). Vercel Analytics and Clarity data is retained per each provider's standard terms; no personal data is retained by Vercel Analytics.
  • Newsletter and marketing: Until unsubscription or withdrawal of consent.
  • Cookie consent record: 1 year (stored locally in your browser).

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — Request a copy of the data we hold about you.
  • Right to rectification (Art. 16 GDPR) — Request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — Request deletion, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR) — To processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3) GDPR) — At any time, without affecting prior lawful processing.

To exercise any of these rights, please contact us at:

Spectroplast GmbH

Flössergasse 2,

81369 München, Germany

Email: info@spectroplast.com

You also have the right to lodge a complaint with the competent supervisory authority:

Bayerisches Landesamt fur Datenschutzaufsicht (BayLDA) Promenade 18, 91522 Ansbach, Germany Website: https://www.lda.bayern.de

8. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or disclosure, including:

  • HTTPS encryption for all website traffic.
  • Access controls on a need-to-know basis.
  • Data Processing Agreements with all third-party processors.
  • Regular security reviews.

9. Changes to This Policy

We may update this policy to reflect changes in law or our services. The current version is always available at spectroplast.com/privacy. Material changes will be communicated where required by law.

10. Contact

For any questions about this policy or your personal data:

Spectroplast GmbH

Flössergasse 2

81369 München Germany

Email: info@spectroplast.com